SAN FRANCISCO—The security industry must declare itself a neutral party in cyber attacks between nation states, Microsoft President Brad Smith said here at the RSA Conference.

"Even in an age of rising nationalism, we need to become a trusted and neutral digital Switzerland," Smith told the audience, making an oblique reference to the rise of nationalist political movements in the US and Europe.

"As a global tech sector, we need to come together and sign our own pledge in conjunction with the world's states," said Smith. "We will protect customers, focus on defense, collaborate with each other, and we will provide patches to all customers everywhere regardless of the attacks they face, and we will do our part to address the world's needs.

"We will not aid in attacking customers anywhere," he added.

Smith also urged attendees to call on governments to adopt a treaty or pledge that would enshrine the rights and safety of civilians during a cyber attack. Civilian infrastructure, including civilian governmental systems, should be off limits, he said, pointing to the 1949 Geneva Convention, which outlines how nations must treat civilians in times of war.

A new convention on cyber attacks from nation states must focus on preventing attacks against civilians in times of peace. He pointed to the US and China, which under the Obama administration—to cool rising tensions between the two countries—agreed to not partake in certain behaviors as part of cyber operations. President Trump should do the same with Russia, Smith said.

Lastly, Smith called for the creation of a new group to monitor cyber-attack activity. "What the world needs is a new independent organization, like IAEA," he said, referring to the International Atomic Energy Agency. The organization Smith outlined would provide an impartial assessment of cyber attacks and identify nation-state attackers, which would give its judgement greater authority on the world stage.

Smith's concern is rooted in the rapid expansion of cyber attacks, both in scope and severity. "We've seen cyber attacks move from enthusiast to financial thieves to nations around the world," said Smith. Taking strong positions on issues of national interest is nothing new for Smith, who last year used his keynote presentation to call on the security industry to stand with Apple in its case against the FBI.

As warfare moves into cyberspace, Smith observed that this creates new problems not seen in other theaters of conflict, like oceans or airspace. For one thing, cyberspace exists everywhere, between computers, servers, and phones carried by just about every living human being. Cyberspace is also, Smith pointed out, privately owned.

"When it comes to these attacks, we are the plane of battle and the world's first responders instead of nation state attacks being met by other nation states, they are being met by us," Smith told RSA attendees, most of which are members of the security industry.

Related

Smith described the Sony Pictures Entertainment hack, allegedly carried out by North Koreain response to the film The Interview, as a major turning point in cyber attacks from nation states. It was, he said, not about attacking a government but rather, "attacking a private company over freedom of expression over, as it turned out, not a very popular movie."

Smith also highlighted the importance of the immigrant community in the technology industry, a reference to President Trump's controversial travel ban targeted at seven majority Muslim countries.

About the Author

Max Eddy is a Software Analyst, taking a critical eye to the Android OS and security services. He's also PCMag's foremost authority on weather stations and digital scrapbooking software. He spends much of his time polishing his tinfoil hat and plumbing the depths of the Dark Web.
Prior to PCMag, Max wrote for the International Digital Times, The... See Full Bio

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.